October 2014 Patch Tuesday Fixes Sandworm Vulnerability

Three out of nine security bulletins in today’s Microsoft Patch Tuesday are marked as Critical, while the rest are tagged as Important. The patches address vulnerabilities found in Internet Explorer and Microsoft .NET Framework, including the zero-day exploit affecting Microsoft Windows. MS14-060 discusses the Sandworm zero-day vulnerability, which was reported hours earlier.

Based on our analysis, attackers may use this vulnerability to create and execute malware payloads, given that it is not too difficult to exploit. Attackers only need to know the format to create their own PowerPoint exploit. Trend Micro detects the exploit as TROJ_MDLOAD.PGTY, and its payloads as INF_BLACKEN.A and BKDR_BLACKEN.A. Currently, it is believed that this zero-day was used in cyber attacks against European sectors and industries.

Another Critical bulletin that users need to note is MS14-056, which fixes several vulnerabilities in Internet Explorer. Once successfully exploited, these could lead to remote code execution. Similarly, MS14-057, another bulletin tagged as Critical, could lead to remote code execution when successfully exploited by remote attackers.

Adobe also released security updates today to address vulnerabilities affecting certain versions of ColdFusion and Adobe Flash Player. These are covered under the following CVEs:

CVE-2014-0558

CVE-2014-0564

CVE-2014-0569

CVE-2014-0570

CVE-2014-0571

CVE-2014-0572

We highly recommend that users patch their systems and update their Adobe products to the latest versions. The Sandworm zero-day highlights the importance of patching, as unpatched vulnerabilities can be used by cybercriminals and threat actors to infiltrate the network and potentially steal confidential company data and other types of information.